The last article in this WordPress security series was an overview of the program’s blogging code. The following tips are some more security measures that you might want to employ to keep your blog clean and safe.

Utilize strong passwords

One of the first things taught is that no password should be easy to guess. Despite this, administrators far too often fail to check every account. If an account can write to the system, it must have a strong password.

There are many online articles about how to select good passwords, so there’s no need to repeat that here. Just ensure that you adhere to the advice contained in these articles and refrain from copying the passwords they list.

Use SCP in lieu of FTP

Good FTP programs make transferring files between your computer and the hosting server for your blog simple and convenient. If you can easily move files locally, most FTP programs will work for you. Search online for one that suits you.

FTP, however, can leave your server login information easily visible. Instead, I suggest Cyberduck on OS X or WinSCP on Windows, so that the same information is more secure while being sent to your server.

To use SCP properly, it is advisable to enable SSH login on your server and disable FTP.

Write-protect your WordPress theme

There is evidence of an exploit that alters WordPress themes to insert malware and spam links. One way to prevent the exploit is to change the file permissions of your WordPress themes directory to 755, and of each file in the directory to 644. The bad news is that each time you want to change your theme, you will need to FTP each modified file to your web server.

Most plugins write their data to the directory where they are installed. This makes write protection of the plugins directories impossible.

Review your site’s HTML source often

Be sure to view your Web site’s HTML source often. If you find large excerpts of encrypted JavaScript, embedded IFRAMEs, or hidden links to unfamiliar sites, it’s possible that your blog was compromised. Check often so that you can find and fix any issues before Google does and blacklists your blog. Or, worse, your site could infect your readers with malicious software.
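
The source review described above can be partly automated. The following Python script is an added example, not code from the article: it flags IFRAMEs and hidden links that point at hosts other than your own, plus large inline scripts that use common packing calls. The patterns, the 200-character threshold, and the example host names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed heuristics for this example; tune the patterns and threshold.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
PACKED = re.compile(r"eval\s*\(|unescape\s*\(|fromCharCode", re.I)
VOID = {"br", "hr", "img", "input", "link", "meta", "source", "wbr"}
MIN_SCRIPT_LEN = 200  # shorter inline scripts are not inspected

class SourceAudit(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts, self.findings = set(own_hosts), []
        self.stack, self.script = [], ""  # open (tag, hidden) pairs; script text

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = "hidden" in a or bool(HIDDEN.search(a.get("style") or ""))
        concealed = hidden or any(h for _, h in self.stack)  # inherited from parents
        url = a.get("src") or a.get("href") or ""
        foreign = urlparse(url).hostname not in self.own_hosts | {None}
        if foreign and (tag == "iframe" or (tag == "a" and concealed)):
            self.findings.append((tag, url))
        if tag not in VOID:  # void elements have no end tag, so never push them
            self.stack.append((tag, hidden))

    def handle_data(self, data):
        if self.stack and self.stack[-1][0] == "script":
            self.script += data

    def handle_endtag(self, tag):
        if tag == "script":
            if len(self.script) >= MIN_SCRIPT_LEN and PACKED.search(self.script):
                self.findings.append(("script", len(self.script)))
            self.script = ""
        if any(t == tag for t, _ in self.stack):  # ignore stray end tags
            while self.stack.pop()[0] != tag:
                pass

def audit(html, own_hosts):
    parser = SourceAudit(own_hosts)
    parser.feed(html)
    return parser.findings

# Constructed sample page; blog.example stands for your own host.
SAMPLE = ('<a href="http://blog.example/about">About</a><img style="display:none" src="/p.gif">'
          '<a href="http://friend.example/">pal</a><iframe src="http://ads.example/f"></iframe>'
          '<div style="display: none"><p><a href="http://pills.example/">x</a></p></div>'
          "<script>var a = 1;</script><script>eval(unescape('" + "%41" * 80 + "'))</script>")
```

Call audit() on the saved source of each page type (home page, single post, archive) with the set of host names you control. Each finding is a prompt for manual review rather than proof of compromise, since legitimate embeds and minified scripts can match too.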

Nick Dalton is a WordPress security expert who regularly writes articles for Internet business entrepreneurs and bloggers at TipsTricksToolsTechniques.com.

- Nick Dalton

